Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix mTLS cert to include CA cert #268

Open
EnigmaCurry opened this issue Sep 6, 2024 · 0 comments
Open

Fix mTLS cert to include CA cert #268

EnigmaCurry opened this issue Sep 6, 2024 · 0 comments
Assignees
@EnigmaCurry @mcmikemn
Labels
bug Something isn't working

Comments

@EnigmaCurry
Copy link
Owner

On GrapheneOS (and possibly iPad) the mTLS cert generated by step-ca does not import. This was tested by @mcmikemn to be due to the fact that the CA cert is not included. Even though its the server's job to validate the client cert, graphene seems to need it anyway.

d.rymcg.tech/step-ca/Makefile

Lines 53 to 55 in 7352447

.PHONY: cert # Create certificate
cert:
@CN=$$(${BIN}/ask_echo "Enter the subject (CN) to be certified, a domain name, or a client name"); ${STEP} ca certificate "$${CN}" "certs/$${CN}.crt" "certs/$${CN}.key" --not-after "$$(${BIN}/dotenv -f ${ENV_FILE} get STEP_CA_AUTHORITY_CLAIMS_DEFAULT_TLS_CERT_DURATION)" && ${STEP} certificate p12 "certs/$${CN}.p12" "certs/$${CN}.crt" "certs/$${CN}.key" && ${STEP} certificate inspect "certs/$${CN}.crt"

mike says

step ca root root.crt
cat client.crt root.crt > combined.crt
step certificate p12 combined.crt client.key newclient.p12
@EnigmaCurry EnigmaCurry added the bug Something isn't working label Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EnigmaCurry EnigmaCurry

@mcmikemn mcmikemn

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EnigmaCurry @mcmikemn